Matt Wilgus is a Principal at Schellman, where he heads the delivery of Schellman’s penetration testing services related to FedRAMP and PCI assessments, as well as other regulatory and compliance programs. Matt has over 20 years’ experience in information security, with a focus on identifying, exploiting and remediating vulnerabilities. In addition, he has vast experience enhancing client security programs while effectively meeting compliance requirements. Matt has a strong background in network and application penetration testing, although over the past 10 years most of his focus has been on the application side, with extensive experience testing some of the most well-known IaaS, PaaS and SaaS providers.
Cybersecurity | Pen Testing | penetration testing
By:
MATT WILGUS
June 16th, 2022
Some might say a good decision is based on knowledge and not on numbers.
Pen Testing | penetration testing
By:
MATT WILGUS
June 17th, 2021
During a penetration test, the Schellman team often works with development teams, administrators, risk and compliance professionals and information security personnel; however, the initial point of contact for a penetration test may be an individual that isn’t any of those. More and more, someone from the product or procurement team may have the responsibility—or shared responsibility—of having a penetration test performed. While these individuals may understand a timeline for a specific task, they likely do not have full visibility into the entire project. Such circumstances, among others, can trigger one of the biggest challenges frequently seen in planning pen tests—timing.
By:
MATT WILGUS
November 7th, 2018
In the battle for top tech talent, the wrong hire can be devastating. So do your tech team the favor of watching out for these warning signs before offering the job. It’s a hiring worst-case scenario: A job candidate aces every aspect of the interview process, but after joining the company, they can’t get the job done. Or perhaps worse, the new coworker is capable but so disruptive the rest of the team suffers.
By:
MATT WILGUS
October 24th, 2018
In 2018, the year of artificial intelligence, internet of things, blockchain, and big data, it is safe to say more and more companies are emerging to be technology companies. In the last year, a lot of attention has been placed on how automotive companies such as Ford and General Motors are positioning themselves as technology companies.
By:
MATT WILGUS
May 1st, 2018
Hiring managers and recruiters bemoan a soft skills gap in IT, and recent data backs up the sentiment. A LinkedIn report conducted with consulting firm Capgemini found that more employers say their organization lacks soft skills (nearly 60 percent) than hard digital skills (51 percent).
By:
MATT WILGUS
April 12th, 2018
This article details the prevalence of risk acceptance within organizations, why IT security departments may be putting too much confidence in their controls, and how excessive risk acceptance is often cultural. Originally published in the April 2018 issue of the ISSA Journal
By:
MATT WILGUS
March 14th, 2018
Though vulnerability scanning is only one of the control requirements in FedRAMP, it is actually one of the most frequent pitfalls in terms of impact to an authorization to operate (ATO), as FedRAMP requirements expect cloud service providers (CSPs) to have a mature vulnerability management program. A CSP needs to have the right people, processes and technologies in place, and must successfully demonstrate maturity for all three. CSPs that have an easier time with the vulnerability scanning requirements follow a similar approach, which can be best articulated by breaking down the expectations into three stages.
By:
MATT WILGUS
May 30th, 2017
Web application scanning, a type of dynamic application security testing (DAST), is an important component for organizations looking to provide a secure online offering to their clients.